Posts

BPDU Filter vs BPDU Guard

Today we will explore the difference between two options, BPDU Guard and BPDU Filter. We know that BPDUs are used to communicate between switches in L2 networks to ensure a loop-free topology.

BPDU Guard is used to protect our access ports (or trunks, in the case of servers) from receiving undesired BPDU packets. This feature is helpful in enforcing your network boundary in the access layer. BPDU Guard can be enabled in global configuration as well as under the interface configuration.

BPDU Filter, on the other hand, filters BPDU packets outbound when configured in global configuration (after sending 11 BPDUs out) and filters BPDUs inbound/outbound when configured at the interface level.

To better understand these two features, let’s use this simple topology. R1 is connected to SW1 through F0/0. To have R1 send and receive BPDUs, we will simply configure bridge group 1 on the router, and we will join the bridge group when desired to test our configuration BPDU

DTP Dynamic Trunking Protocol

DTP is used by Cisco switches to negotiate whether links between two switches should be placed into access or trunk mode. DTP also helps determine which trunking protocol (802.1Q or ISL) should be used.

The individual DTP modes are:

dynamic auto - the port will negotiate the mode automatically; however, it prefers to be an access port
dynamic desirable - the port will negotiate the mode automatically; however, it prefers to be a trunk port

Note: when you manually configure the trunk mode to be on using the command

 switchport mode trunk

DTP will still be sent out of that interface.

The following combinations will give you the results below:

dynamic auto + dynamic auto = access
dynamic auto + dynamic desirable = trunk
dynamic desirable + dynamic desirable = trunk
dynamic auto + trunk = trunk
dynamic desirable + trunk = trunk
dynamic auto + access = access
dynamic desirable + access = access

When you set the interface to static access, you are effectively disabling DTP on tha

OSPF–Point To Multipoint Non-Broadcast

Using the same setup that we have been using in the last 3 posts, we will change the network type to point-to-multipoint non-broadcast. We will also add an Ethernet link between R2 and R3 and enable OSPF on it.

Our final configuration should be something like this:

R1

interface Serial0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0/0.123 multipoint
 ip address 10.1.123.1 255.255.255.0
 ip ospf network point-to-multipoint non-broadcast
 ip ospf 1 area 0
 frame-relay map ip 10.1.123.2 102
 frame-relay map ip 10.1.123.3 103
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 neighbor 10.1.123.2
 neighbor 10.1.123.3

R2

interface Serial0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0/0.123 multipoint
 ip address 10.1.123.2 255.255.255.0
 ip ospf network point-to-multipoint non-broadcast
 ip ospf 1 area 0
 frame-relay map ip 10.1.123.1 201

R3

interface

OSPF–Point To Multipoint Networks

We will use the same setup we used in the last 2 posts for Broadcast and Non-Broadcast networks, but we will create a multipoint interface on each router.

R1

interface Serial0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0/0.123 multipoint
 ip address 10.1.123.1 255.255.255.0
 frame-relay map ip 10.1.123.2 102 broadcast
 frame-relay map ip 10.1.123.3 103 broadcast

R2

interface Serial0/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial0/0.123 multipoint
 ip address 10.1.123.2 255.255.255.0
 frame-relay map ip 10.1.123.1 201 broadcast

R3

interface Serial1/0
 no ip address
 encapsulation frame-relay
 no frame-relay inverse-arp
!
interface Serial1/0.123 multipoint
 ip address 10.1.123.3 255.255.255.0
 frame-relay map ip 10.1.123.1 301 broadcast

We will enable OSPF under all subinterfaces.

R1

interf s0/0.123
 ip ospf 1 area 0

R2

interf s0/0.123
 ip ospf 1 area 0

R3

interf s1/0.123
 ip ospf

OSPF - Broadcast Networks

We are building this lab on the previous lab, OSPF – Non Broadcast Networks. We will remove the neighbor statements from the R1 OSPF process and also change the OSPF network type under the serial interfaces to Broadcast.

R1

interface Serial0/0
 ip address 10.1.123.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network broadcast
 ip ospf 1 area 0
 frame-relay map ip 10.1.123.2 102
 frame-relay map ip 10.1.123.3 103
 no frame-relay inverse-arp

R2

interface Serial0/0
 ip address 10.1.123.2 255.255.255.0
 encapsulation frame-relay
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf 1 area 0
 frame-relay map ip 10.1.123.1 201
 frame-relay map ip 10.1.123.3 201
 no frame-relay inverse-arp

R3

interface Serial1/0
 ip address 10.1.123.3 255.255.255.0
 encapsulation frame-relay
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf 1 area 0
 frame-relay map ip 10.1.123.1 301
 frame-relay map ip 10.1.123.2 301
 no frame-relay inverse-arp

Remember the OSPF netw

OSPF Area Types - Broadcast

In this post and the following posts we will explore OSPF network types. OSPF is a core technology in the CCIE lab, so you need to be able to configure it without referring to the DoC-CD.

In the Cisco world, OSPF comes in 6 network types:

1- Broadcast
2- Non-Broadcast
3- point-to-multipoint
4- point-to-multipoint Non-Broadcast (Cisco proprietary)
5- Loopback

We will examine each of these network types over NBMA (Non Broadcast Multiple Access) media like a frame relay network, since this is where the confusion comes from. We will start with Non-Broadcast networks, since it is the default OSPF network type when you configure OSPF under frame relay physical interfaces.

Initial configurations

R1

!
interface Serial0/0
 ip address 10.1.123.1 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 10.1.123.2 102 broadcast
 frame-relay map ip 10.1.123.3 103 broadcast
 no frame-relay inverse-arp
interf lo0
 ip add 1.1.1.1 255.255.255.255

R2

!
interface Serial0/0
 ip

Private VLANS and protected ports

In this post we will learn two layer 2 technologies, private VLANs and protected ports.

Private VLANs are used to segregate the layer 2 domain within the same VLAN so we don’t waste any IP addresses. Think of them as sub-VLANs within the same VLAN that share the same layer 3 address. These sub-VLANs can be of two kinds:

1- Community
2- Isolated

The difference between community and isolated sub-VLANs is that hosts within a community VLAN can communicate with each other, whereas hosts within isolated VLANs can’t communicate with each other. Also note that hosts from different community VLANs can’t communicate with each other, and isolated VLANs can’t communicate with each other either.

The question is how these hosts in community/isolated VLANs communicate with the outside world. The answer is that they communicate through the promiscuous port, which is part of the parent VLAN but is allowed to communicate with all sub-VLANs, whether community or isolated.

In our setup, we have 2 switches running a trunk port